diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml new file mode 100644 index 000000000..bf2472585 --- /dev/null +++ b/.github/workflows/linter.yml @@ -0,0 +1,72 @@ +# ******************************************************************************** +# Copyright (c) 2020 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made +# available under the terms of the Apache Software License 2.0 +# which is available at https://www.apache.org/licenses/LICENSE-2.0. +# +# SPDX-License-Identifier: Apache-2.0 +# ******************************************************************************** + +--- + ########################### + ########################### + ## Linter GitHub Actions ## + ########################### + ########################### + name: Linter + + # + # Documentation: + # https://help.github.com/en/articles/workflow-syntax-for-github-actions + # + + ############################# + # Start the job on all push # + ############################# + on: + pull_request: + branches: [ main ] + + ############### + # Set the Job # + ############### + permissions: + contents: read + + jobs: + linter: + permissions: + contents: read # for actions/checkout to fetch code + statuses: write # for github/super-linter to mark status of each linter run + # Name the Job + name: Lint Code Base + # Set the agent to run on + runs-on: ubuntu-latest + + ################## + # Load all steps # + ################## + steps: + ########################## + # Checkout the code base # + ########################## + - name: Checkout Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + # Full git history is needed to get a proper list of changed files within `super-linter` + fetch-depth: 0 + + ################################ + # Run Linter against code base # + ################################ + - name: Lint Code Base + uses: github/super-linter@45fc0d88288beee4701c62761281edfee85655d7 # v5.0.0 + env: + VALIDATE_ALL_CODEBASE: true + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Markdown lint complains about the issue templates + FILTER_REGEX_EXCLUDE: .github/ISSUE_TEMPLATE/* diff --git a/.test/config.sh b/.test/config.sh index f52df2cc4..355854f73 100644 --- a/.test/config.sh +++ b/.test/config.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash +# shellcheck disable=SC2154 imageTests[openjdk]+=' java-ca-certificates-update ' diff --git a/.test/tests/java-ca-certificates-update/run.sh b/.test/tests/java-ca-certificates-update/run.sh index ca7f72d87..6c7e68af6 100755 --- a/.test/tests/java-ca-certificates-update/run.sh +++ b/.test/tests/java-ca-certificates-update/run.sh @@ -2,11 +2,13 @@ set -o pipefail +# shellcheck disable=SC2128 testDir="$(readlink -f "$(dirname "$BASH_SOURCE")")" +# shellcheck disable=SC2128 runDir="$(dirname "$(readlink -f "$BASH_SOURCE")")" # CMD1 in each run is just a `date` to make sure nothing is broken with or without the entrypoint -CMD1=date +CMD1="date" # CMD2 in each run is to check for the `dockerbuilder` certificate in the Java keystore. Entrypoint export $CACERT to # point to the Java keystore. @@ -36,43 +38,43 @@ EOF # # Test run 1: No added certificates and environment variable is not set. We expect CMD1 to succeed and CMD2 to fail. -docker run --rm "$1" $CMD1 >&/dev/null +docker run --rm "$1" "$CMD1" >&/dev/null echo -n $? docker run --rm "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 2: No added certificates, but the environment variable is set. Since there are no certificates, we still # expect CMD1 to succeed and CMD2 to fail. -docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" $CMD1 >&/dev/null +docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "$CMD1" >&/dev/null echo -n $? docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 3: Certificates are mounted, but the environment variable is not set, i.e. certificate importing should not # be activated. We expect CMD1 to succeed and CMD2 to fail. -docker run --rm --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null +docker run --rm --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null echo -n $? -docker run --rm --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null +docker run --rm --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 4: Certificates are mounted and the environment variable is set. We expect both CMD1 and CMD2 to succeed. -docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null +docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null echo -n $? -docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null +docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 5: Certificates are mounted and are symlinks (e.g. in Kubernetes as `Secret`s or `ConfigMap`s) and the # environment variable is set. We expect both CMD1 and CMD2 to succeed. -docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" $CMD1 >&/dev/null +docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "$CMD1" >&/dev/null echo -n $? -docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" "${CMD2[@]}" >&/dev/null +docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 6: Certificates are mounted and the environment variable is set, but the entrypoint is overridden. We expect # CMD1 to succeed and CMD2 to fail. -docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" $CMD1 >&/dev/null +docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "$CMD1" >&/dev/null echo -n $? -docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null +docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "${CMD2[@]}" >&/dev/null echo -n $? # @@ -80,42 +82,42 @@ echo -n $? # # Test run 1: No added certificates and environment variable is not set. We expect CMD1 to succeed and CMD2 to fail. -docker run --read-only --user 1000:1000 --rm "$1" $CMD1 >&/dev/null +docker run --read-only --user 1000:1000 --rm "$1" "$CMD1" >&/dev/null echo -n $? docker run --read-only --user 1000:1000 --rm "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 2: No added certificates, but the environment variable is set. Since there are no certificates, we still # expect CMD1 to succeed and CMD2 to fail. -docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" $CMD1 >&/dev/null +docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "$CMD1" >&/dev/null echo -n $? docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 3: Certificates are mounted, but the environment variable is not set, i.e. certificate importing should not # be activated. We expect CMD1 to succeed and CMD2 to fail. -docker run --read-only --user 1000:1000 --rm --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null +docker run --read-only --user 1000:1000 --rm --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null echo -n $? -docker run --read-only --user 1000:1000 --rm --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null +docker run --read-only --user 1000:1000 --rm --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 4: Certificates are mounted and the environment variable is set. We expect both CMD1 and CMD2 to succeed. -docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null +docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null echo -n $? -docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null +docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 5: Certificates are mounted and are symlinks (e.g. in Kubernetes as `Secret`s or `ConfigMap`s) and the # environment variable is set. We expect both CMD1 and CMD2 to succeed. -docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" $CMD1 >&/dev/null +docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "$CMD1" >&/dev/null echo -n $? -docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" "${CMD2[@]}" >&/dev/null +docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "${CMD2[@]}" >&/dev/null echo -n $? # Test run 6: Certificates are mounted and the environment variable is set, but the entrypoint is overridden. We expect # CMD1 to succeed and CMD2 to fail. # -docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" $CMD1 >&/dev/null +docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "$CMD1" >&/dev/null echo -n $? -docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null +docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "${CMD2[@]}" >&/dev/null echo -n $? diff --git a/dockerhub_doc_config_update.sh b/dockerhub_doc_config_update.sh index 1f63a91e0..55d64ab1e 100755 --- a/dockerhub_doc_config_update.sh +++ b/dockerhub_doc_config_update.sh @@ -41,14 +41,12 @@ oses="alpine ubuntu ubi windowsservercore-ltsc2022 nanoserver-ltsc2022 windowsse # The image which is used by default when pulling shared tags on linux e.g 8-jdk default_linux_image="noble" -git_repo="https://github.com/adoptium/containers/blob/master" - # Get the latest git commit of the current repo. # This is assumed to have all the latest dockerfiles already. gitcommit=$(git log | head -1 | awk '{ print $2 }') print_official_text() { - echo "$*" >> ${official_docker_image_file} + echo "$*" >> "${official_docker_image_file}" } print_official_header() { @@ -71,9 +69,9 @@ function generate_official_image_tags() { ojdk_version=${ojdk_version//+/_} case $os in - "ubuntu") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;; - "ubi") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;; - "windows") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;; + "ubuntu") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;; + "ubi") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;; + "windows") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;; *) distro=$os;; esac @@ -82,10 +80,8 @@ function generate_official_image_tags() { # 8u212-jdk full_ver_tag="${ojdk_version}-${pkg}" - unset extra_shared_tags extra_ver_tags + unset extra_shared_tags full_ver_tag="${full_ver_tag}-${distro}" - # Commented out as this added the -hotspot tag which we don't need for temurin - # extra_ver_tags=", ${ver}-${pkg}" ver_tag="${ver}-${pkg}-${distro}" all_tags="${full_ver_tag}, ${ver_tag}" @@ -94,7 +90,6 @@ function generate_official_image_tags() { jdk_tag="${ver}-${distro}" all_tags="${all_tags}, ${jdk_tag}" # make "eclipse-temurin:latest" point to newest supported JDK - # shellcheck disable=SC2154 if [ "${ver}" == "${latest_version}" ]; then if [ "${vm}" == "hotspot" ]; then extra_shared_tags=", latest" @@ -103,11 +98,12 @@ function generate_official_image_tags() { fi unset windows_shared_tags - shared_tags=$(echo ${all_tags} | sed "s/-$distro//g") - if [ $os == "windows" ]; then - windows_version=$(echo $distro | awk -F '-' '{ print $1 }' ) - windows_version_number=$(echo $distro | awk -F '-' '{ print $2 }' ) - windows_shared_tags=$(echo ${all_tags} | sed "s/$distro/$windows_version/g") + shared_tags="${all_tags//-$distro/}" + + if [ "$os" == "windows" ]; then + windows_version=$(echo "$distro" | awk -F '-' '{ print $1 }' ) + windows_version_number=$(echo "$distro" | awk -F '-' '{ print $2 }' ) + windows_shared_tags="${all_tags//$distro/$windows_version}" case $distro in nanoserver*) constraints="${distro}, windowsservercore-${windows_version_number}" @@ -115,32 +111,32 @@ function generate_official_image_tags() { ;; *) constraints="${distro}" - all_shared_tags="${windows_shared_tags}, ${shared_tags}${extra_ver_tags}${extra_shared_tags}" + all_shared_tags="${windows_shared_tags}, ${shared_tags}${extra_shared_tags}" ;; esac else - all_shared_tags="${shared_tags}${extra_ver_tags}${extra_shared_tags}" + all_shared_tags="${shared_tags}${extra_shared_tags}" fi } function generate_official_image_arches() { # Generate the supported arches for the above tags. - # Official images supports amd64, arm64vX, s390x, ppc64le amd windows-amd64 - if [ $os == "windows" ]; then + # Official images support amd64, arm64vX, s390x, ppc64le, and windows-amd64 + if [ "$os" == "windows" ]; then arches="windows-amd64" else - # shellcheck disable=SC2046,SC2005,SC1003,SC2086,SC2063 - arches=$(echo $(grep ') \\' ${file} | grep -v "*" | sed 's/) \\//g; s/|//g')) - arches=$(echo ${arches} | sed 's/x86_64/amd64/g') # replace x86_64 with amd64 - arches=$(echo ${arches} | sed 's/ppc64el/ppc64le/g') # replace ppc64el with ppc64le - arches=$(echo ${arches} | sed 's/arm64/arm64v8/g') # replace arm64 with arm64v8 - arches=$(echo ${arches} | sed 's/aarch64/arm64v8/g') # replace aarch64 with arm64v8 - arches=$(echo ${arches} | sed 's/armhf/arm32v7/g') # replace armhf with arm32v7 + arches=$(grep ') \\' "${file}" | grep -v '\*' | sed 's/) \\\//g; s/|//g') + arches="${arches//x86_64/amd64}" # replace x86_64 with amd64 + arches="${arches//ppc64el/ppc64le}" # replace ppc64el with ppc64le + arches="${arches//arm64/arm64v8}" # replace arm64 with arm64v8 + arches="${arches//aarch64/arm64v8}" # replace aarch64 with arm64v8 + arches="${arches//armhf/arm32v7}" # replace armhf with arm32v7 # sort arches alphabetically - arches=$(echo ${arches} | tr ' ' '\n' | sort | tr '\n' ' ' | sed 's/ /, /g' | sed 's/, $//') + arches=$(echo "${arches}" | tr ' ' '\n' | sort | tr '\n' ' ' | sed 's/ /, /g' | sed 's/, $//') fi } + function print_official_image_file() { # Retrieve the latest manifest block official_manifest=$(sed -n "/${all_tags}/,/^$/p" official-eclipse-temurin) @@ -178,15 +174,15 @@ function print_official_image_file() { echo "Architectures: ${arches}" echo "GitCommit: ${commit}" echo "Directory: ${dfdir}" - if [ $os == "windows" ]; then + if [ "$os" == "windows" ]; then echo "Builder: classic" echo "Constraints: ${constraints}" fi echo "" - } >> ${official_docker_image_file} + } >> "${official_docker_image_file}" } -rm -f ${official_docker_image_file} +rm -f "${official_docker_image_file}" print_official_header official_os_ignore_array=(clefos debian debianslim leap tumbleweed) @@ -201,7 +197,7 @@ function generate_official_image_info() { fi done if [ "${os}" == "windows" ]; then - distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) + distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) # 20h2 and 1909 is not supported upstream if [[ "${distro}" == "windowsservercore-20h2" ]] || [[ "${distro}" == "windowsservercore-1909" ]] || [[ "${distro}" == "windowsservercore-ltsc2019" ]] ; then return; @@ -210,10 +206,6 @@ function generate_official_image_info() { return; fi fi - # We do not push our nightly and slim images either. - if [ "${build}" == "nightly" ] || [ "${btype}" == "slim" ]; then - return; - fi generate_official_image_tags generate_official_image_arches @@ -239,14 +231,8 @@ do # dockerfile name dfname=$(basename "${file}") # dockerfile dir - dfdir=$(dirname $file | cut -c 3-) + dfdir=$(dirname "${file}" | cut -c 3-) os=$(echo "${file}" | awk -F '/' '{ print $4 }') - # build = release or nightly - # build=$(echo "${dfname}" | awk -F "." '{ print $3 }') - build="release" - # btype = full or slim - # btype=$(echo "${dfname}" | awk -F "." '{ print $4 }') - build="full" generate_official_image_info done done